Skip to Main Content
National Cyber Security Awareness Month | Save 15% on toolkits, self-paced training, and staff awareness e-learning courses | Use code NCSAM15

Cyber Essentials Plus - Get A Lot of Help

Cyber Essentials Certification and Precheck

Cyber Essentials Toolkit

Cyber Essentials Onsite Consultancy – 1 day

Cyber Essentials Plus Certification

Price: £3,050.00
ex. VAT
Cyber Essentials Plus - Get A Lot of Help
SKU: G4502
Format: Annual Subscription

Achieve Cyber Essentials Plus certification with extra support and resources from one of the founding Cyber Essentials certification bodies, which remains one of the largest in the UK.

  • One-to-one consultancy support throughout your Cyber Essentials project to make sure you are on track to achieve both levels of certification.
  • Our precheck support gives you the confidence your SAQ (self-assessment questionnaire) will be accepted by IASME first time.
  • Includes cyber insurance, one-to-one consultancy support and a certification guarantee*, which will bolster your organisation’s commitment to baseline cyber security.
  • Our documentation toolkit provides all the pre-written policies and procedures you need, saving you weeks of work.
  • Includes an on-site or remote assessment, internal vulnerability scans and an external vulnerability scan that offers a higher level of assurance to your stakeholders that your Cyber Essentials controls are in place.

This is an annual subscription service. All elements of this service, apart from consultancy, will renew automatically. Cyber Essentials certificates are valid for 12 months, in line with IASME requirements. (T&Cs apply.)


What’s included in Cyber Essentials Plus Get A Lot Of Help?

Cyber Essentials certification, Cyber Essentials Plus certification and precheck

  • One-to-one consultancy support as part of the precheck service.
  • A precheck of your SAQ by our in-house consultants to make sure you meet the criteria set out by IASME before you submit your final questionnaire.
  • A certification guarantee.*
  • Free cyber insurance available to UK companies with a turnover of less than £20 million. This includes a 24-hour helpline to report a cyber incident, which will provide crisis management and incident response, with a total liability limit of £25,000. See a full breakdown of what’s included here.
  • An on-site assessment, internal vulnerability scans and external vulnerability scans (can be conducted remotely in some cases).
  • Your Cyber Essentials certificate (worth £300) and your Cyber Essentials Plus certificate.

Cyber Essentials Toolkit

A complete set of pre-written policy and procedure templates that will help you comply with the Cyber Essentials scheme.

  • Designed to reflect the requirements of the scheme.
  • Built on expert knowledge from numerous cyber security implementation projects.
  • Ensure that the controls you are implementing are aligned to the requirements of the scheme.

Cyber Essentials Onsite Consultancy – 1 day

Cyber Essentials self-assessment questions can be difficult to understand if you do not have a technical IT background. This service is applicable for the first year of your subscription and is ideal for organisations with a more complex company structure. It provides additional support with the assessment process, helping you understand the scheme’s requirements, define your scope and understand how to implement the five controls, as well as complete the SAQ.

For large organisations with complex structures, we suggest they start with a Cyber Essentials Plus Health Check.

How the application process works:

  • We contact you to arrange delivery of your consultancy support.
  • We help you define your scope for certification and complete the IASME SAQ.
  • We review your assessment before your first submission to check if you meet the certification criteria.
  • You confirm and submit your application.
  • Subject to a positive outcome, we issue your Cyber Essentials certificate.
  • Once you are Cyber Essentials certified, you schedule your on-site assessment, which will include the internal vulnerability scan.
  • We conduct the on-site assessment and perform the necessary internal scan on a sample of your Internet-facing devices.
  • We provide you with the results of the internal scan and on-site assessment.
  • If there are nonconformities, we provide feedback to help you understand how to close these gaps and achieve certification.
  • We schedule your external vulnerability scan.
  • Subject to a positive outcome, you receive your Cyber Essentials Plus certificate.
Net Promoter score of +68

Our Cyber Essentials services have an excellent NPS (Net Promoter Score) of +68

Is this service right for you?

Our Get A Lot of Help package will give you a better chance of achieving IASME-licensed Cyber Essentials Plus certification at the first attempt. It has been created for organisations with little or no experience of implementing the Cyber Essentials scheme’s five controls, or those that need a lot of assistance completing the SAQ.

It is also suitable for larger organisations with complex organisational structures.

See what our customers think about this service

“Really pleased with the support offered by Matthew and the team. Straightforward advice on how to complete the form and pragmatic ways to comply with the requirements. We have been discussing getting Cyber Essentials certification since 2017 but have always put it off, being daunted by the process and speaking to IT consultants who made it sound too complicated. Working with you made the process manageable, straightforward and stress-free. Thank you for all your help!”

- Tom Lamb, A Lamb Associates Limited


“Our consultant, Terry Norton, was professional throughout and clearly had a very good knowledge of the standard and the testing, being able to help our IT Administrator ensure the relevant audit tools were installed correctly. We also found Terry friendly, patient and helpful, which is very important for remote sessions.”

- Peter Hodgson, Viewpoint Construction Software Limited


“Professional and supportive, great customer service. Maintained a dialogue without making the candidate feel under pressure with the process. Supportive throughout.”

- Rowan Irwin, T-Systems Limited


“Brilliant service from the team who were completely supportive of someone like me who runs a microbusiness and is hopeless with technical stuff. I am so grateful fo the handholding and advice you gave me.”

- Caroline


“Thanks for all your support, team – really appreciate your assistance in getting us through this in such a short space of time. Couldn’t recommend a better group of folk to work with!”

- Rowan Troy, Six Degrees Technology Group Limited


“Amazing Service, very friendly throughout and willing to help you every step through the process.”

- Ian


“IT Governance were very helpful and really focussed on what was needed to get the certification and have a more secure setup as part of the process (we did not just get assurance, we improved our assurance process).”

- Karl Axnick, Alscient Ltd


“Terry and Dan were extremely helpful, knowledgeable, and provide quick and effective answers to any query I raised.”

- Anonymous


Benefits of Cyber Essentials Plus certification

Work with the best

IT Governance is one of the founding Cyber Essentials certification bodies and remains one of the largest in the UK. We have issued more than 5,500 certifications worldwide and our broad range of fixed-price services has helped thousands of organisations achieve baseline cyber security.

Secure the supply chain

The ICO (Information Commissioner’s Office), the UK’s data protection regulator, recommends Cyber Essentials as a “good starting point” for the cyber security of the IT you rely on to hold and process personal data.

Secure more business

Boost your reputation and attract new business by assuring customers you take cyber security seriously and have cyber security measures in place.

Work with the UK government and MOD

Cyber Essentials Plus gives you the opportunity to work with the UK government and MOD.

Be listed on the National Cyber Security Centre’s database

Cyber Essentials certificates issued in the previous 12 months are listed on the NCSC website, showing suppliers your commitment to protecting your and your customers’ data.

The NCSC (National Cyber Security Centre)

The NCSC (National Cyber Security Centre) has reviewed what influence Cyber Essentials has on cyber security attitudes and behaviours. It found:

  • 93% of certified organisations are confident that they are protected against common, Internet-based cyber attacks;
  • 61% of certified organisations say they are more likely to choose suppliers with Cyber Essentials or Cyber Essentials Plus certification; and
  • Certified organisations are more likely to implement cyber security controls beyond the scheme’s five controls, and are more aware of the risks posed by cyber attacks.


Cyber Essentials Plus involves a technical audit of the systems that are in scope for Cyber Essentials. This includes a representative set of workstations, mobile devices and build types in use by the organisation’s end users to complete their day-to-day duties. The number of builds is defined by the number of configurations of operating system and software suites installed. If more than one browser or Office suite is used, each variant will need to be tested. If they are installed on the same build, this is acceptable.

  • Your consultancy support day can be delivered either on-site or remotely. Any unused time will not be credited back.
  • This package includes on-site testing at one location, of one type of user account, on up to ten sample devices. Additional workstations, mobile devices and build types may need to be tested to meet the sampling requirements of the scheme. If you require more than ten end-user workstations to be tested, you will need to purchase Cyber Essentials Plus Certification – Additional Device Testing. This testing can be conducted remotely in some instances.
  • The package includes a free vulnerability scan for up to 16 IP addresses. If you have more than 16 IP addresses, you will need to purchase additional IP packages in packs of 16. If you fail your external scan, a rescan will need to be purchased, plus any additional IP packages that you need to cover only the failing IP addresses if completed with 14 days of the first passing element.
  • If your business is located outside mainland UK, additional expenses will be charged to accommodate our consultant’s travel time and costs for the on-site consultancy day and on-site assessment. These will be billed separately.
  • If your first Cyber Essentials submission is unsuccessful, you have two working days to submit a further attempt. If you are not successful on your second submission, you will be required to wait one month before reattempting at the cost of a new application.
  • If your Cyber Essentials Plus application is unsuccessful, your Cyber Essentials certification may be revoked.
  • Free cyber insurance is available to UK organisations with a turnover of less than £20 million. This includes a 24-hour helpline to report a cyber incident, with a total liability limit of £25,000. Terms and conditions apply.
  • *Our certification guarantee is based on your organisation implementing all the required controls and providing us with your application to check before your first submission. Full details can be found in our FAQs.
  • All new certificates issued by IASME have a 12-month expiry date. All elements, apart from consultancy, are annual subscription products; however, you can cancel at any time. (T&Cs apply.)
  • The consultancy element of this package is only applicable for the first year of the subscription. If required, you can re-purchase consultancy support when you renew your Cyber Essentials certification.

Test requirements

  • All user devices are subject to testing and will be agreed upon before the testing date, including mobile and BYOD (bring your own device), and must be available for testing.
  • All devices within the scope of testing must be user devices and cannot be built specifically for testing.
  • A local user account with username and password must be available for each user group in scope.
  • Devices must have Internet access, allow emails from our test domain and be accessible by our test web server (
  • You must provide details of a user email account per user group being assessed.
  • Workstation builds must be configured to allow an authenticated vulnerability scan that will determine patch and version numbers of installed software, and you must provide details of the user account to be used.
  • Remote registry must be enabled on the workstation builds, and no global policies that block the authenticated vulnerability scan are permitted.

Customer Reviews

(5.00)stars out of 5
Number of reviews: 4
1. on 22/03/2021, said:
5 stars out of 5
I found our CE+ experience to be quite easy, but this is down to the help and guidance we had from our Assessor. We always felt connected and able to reach out if we needed help. I would definitely use IT Governance for our renewal and of course any other certification path we may decide to go down in the future.
2. on 12/11/2020, said:
5 stars out of 5
Great service and professional help given to help you pass Cyber Essentials Plus.
3. on 27/06/2016, said:
5 stars out of 5
I am a big fan of Cyber Essentials: as a government-backed and industry-supported scheme it allows us to demonstrate to stakeholders that we have essential IT security controls in place. I am proud of the Action for Children IT team for achieving the ‘Plus’ level of certification for two years running. Action for Children have found the certification robust, worthwhile and cost effective. I would encourage all organisations to consider Cyber Essentials, especially those providing services to public sector bodies. Alan Crawford, Chief Information Officer - Action for Children
4. on 27/06/2016, said:
5 stars out of 5
Security is at the heart of everything we do, we take cyber security very seriously – the data centre is our business and security is part of that foundation. Achieving Cyber Essentials Plus will add great value: sharing the knowledge is one of our core values and our security accreditations allow us to live this value safely and effectively whilst enabling our customers to do the same. This fits well with our other certificates like ISO/IEC 27001:2013 and ISO/IEC 22301:2012. This gives our customers absolute piece of mind that their data is in the safest hands and ensures that our team are kept upskilled and informed. A. Rahim Khan, Information Security Officer - brightsolid Online Technology Ltd
Showing comments 1-4 of 4
This website uses cookies. View our cookie policy
WIN £100